httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "TAYLOR, TIM \(CONTRACTOR\)" <TIM.TAY...@DFAS.MIL>
Subject FW: [users@httpd] SSL certifcate question
Date Tue, 16 Nov 2004 15:34:55 GMT
>Why is it that the certificate that was sent back is not named like my
>key? And what do I do with the CA's certficates?

You can name the files whatever you like. All that matters is the correct internal format.
Apache prefers PEM encoding. The apache directives are not picky about the name of the file.
The CA certificate is needed by your client to trust your web server and by your web server
if you use the SSLCertificateChainFile directive and (possibly) client authentication trust.

>When I restarted Apache everything worked yet I the certificate that I could
>see from my browser while visiting the site showed that it still
>expired on the 18th.  I'm puzzled?

How, exactly are you looking at the certificate from your browser?

>Was I suppose to create a new key? or was it ok to use the same key
>originally used last year?  I mean it's only a signature...

It is ok to use your same key as long as you get a certificate with the appropriately matching
public key from the previous PKCS#10 certificate request. Certificates have expiry, key pairs
don't.

regards,
tt

-----Original Message-----
From: seb hould [mailto:apache.ml@gmail.com]
Sent: Tuesday, November 16, 2004 8:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL certifcate question


Why is it that the certificate that was sent back is not named like my
key? And what do I do with the CA's certficates?

Basically my old certificate expires on the 18th.  I have copied the
new certificate to the expected directory then I have changed the
CertificateFile directive to point to the new certificate.  When I
restarted Apache everything worked yet I the certificate that I could
see from my browser while visiting the site showed that it still
expired on the 18th.  I'm puzzled?

Was I suppose to create a new key? or was it ok to use the same key
originally used last year?  I mean it's only a signature...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message